CVE-2024-39694: IdentityServer Open Redirect vulnerability
It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a URL is returned as a redirect, some browsers will follow it to a third-party, untrusted site.
Note: by itself, this vulnerability does not allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials.
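As an added example, not code from IdentityServer or from the advisory: a naive "is this URL local?" check beside a hardened one, showing why a leading slash alone does not make a redirect target same-origin. The sample URLs are constructed, and the protocol-relative and backslash-prefixed forms are well-known classes of URL that browsers resolve to another host, assumed here for illustration rather than taken from the advisory.

```python
# Added example (not IdentityServer's own code). Demonstrates the defensive
# check an application should apply before issuing a redirect to a URL that
# came from a request parameter.
from urllib.parse import urlsplit


def naive_is_local(url: str) -> bool:
    """The kind of check that leads to open redirects: any leading '/' is 'local'."""
    return url.startswith("/")


def hardened_is_local(url: str) -> bool:
    """Accept only same-origin paths such as '/account?x=1'.

    Rejects '//host' (protocol-relative) and '/\\host' (some browsers treat the
    backslash as a slash), plus any control or whitespace characters that a
    browser may strip before interpreting the string.
    """
    if not url or len(url) > 2048:
        return False
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    # Must begin with exactly one '/' that is not followed by '/' or '\'.
    if url[0] != "/":
        return False
    if len(url) > 1 and url[1] in ("/", "\\"):
        return False
    # Defence in depth: after parsing there must be neither a scheme nor an
    # authority component. Note urlsplit alone would NOT catch the '/\' form,
    # which is why the explicit character check above is still needed.
    parts = urlsplit(url)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(candidate: str, fallback: str = "/") -> str:
    """Return candidate only if it is local; otherwise a known-safe path."""
    return candidate if hardened_is_local(candidate) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, illustrating the gap between the two checks.
    for sample in ["/account/profile?x=1", "//evil.example", "/\\evil.example",
                   "https://evil.example", "/\tevil.example"]:
        print(f"{sample!r:28} naive={naive_is_local(sample)!s:5} "
              f"hardened={hardened_is_local(sample)}")
```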
References
- github.com/DuendeSoftware/IdentityServer
- github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6
- github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8e
- github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1
- github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011
- github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184a
- github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98
- github.com/IdentityServer/IdentityServer4/security/advisories/GHSA-55p7-v223-x366
- github.com/advisories/GHSA-ff4q-64jc-gx98
- nvd.nist.gov/vuln/detail/CVE-2024-39694